2.4.4: Secure Shell Public Key Settings Not Generating Key



  • I started anew with pfSense (updated from 2.4.3 to 2.4.4 in my old setup and then reset to Factory Defaults). With my initial setup a couple of years ago (and this will be approximate since the interface has changed during that time), when I changed the Secure Shell settings at:

    System > Advanced > Admin Access

    by turning on the Enable Secure Shell setting and then choosing one of the three SSHd Key Only options:

    • Password or Public Key
    • Public Key Only
    • Require Both Password and Public Key

    pfSense popped up a message that it was generating a key (EDIT: No, I manually generated this key in PuttyGen and pasted it in > "...and, I believe, put that key in System > User Manager"). With 2.4.4, I got no such message and no public key. Is this expected behavior now?

    Also, and this might be related, as I switched between those SSHd Key options, I got the following notifications:

    Notices
    Filter Reload
    There were error(s) loading the rules: /tmp/rules.debug:106: unknown port b - The line in question reads [106]: block in log quick proto tcp from <sshguard> to (self) port b tracker 1000000301 label "sshguard"
    @ 2018-11-30 13:47:29
    There were error(s) loading the rules: /tmp/rules.debug:106: unknown port e - The line in question reads [106]: block in log quick proto tcp from <sshguard> to (self) port e tracker 1000000301 label "sshguard"
    @ 2018-11-30 13:48:33
    

    I'm not sure, but is that related to:

    https://redmine.pfsense.org/issues/8974


  • Rebel Alliance Developer Netgate

    That issue is fixed by the commits listed on the redmine issue you linked.


  • Rebel Alliance Developer Netgate

    And BTW this is also fixed in 2.4.4-p1 which is out now. You will most likely need to edit/save the settings on System > Advanced one more time after setting them back the way you want.



  • @jimp said in 2.4.4: Secure Shell Public Key Settings Not Generating Key:

    That issue is fixed by the commits listed on the redmine issue you linked.

    Thanks. Are there repercussions to this in pfSense? For instance, yesterday, I couldn't get my Firewall log to stop logging all default deny blocks (unchecking the box in settings didn't seem to work). I finally rebooted the firewall and now nothing seems to be logged in the Firewall area. I even turned on the option to log all default pass rules (all the log options are on). I've also rebooted. Nothing has shown up in that log in about 12 hours (as opposed to the thousands I was seeing before).



  • @jimp said in 2.4.4: Secure Shell Public Key Settings Not Generating Key:

    And BTW this is also fixed in 2.4.4-p1 which is out now. You will most likely need to edit/save the settings on System > Advanced one more time after setting them back the way you want.

    Thanks. I'll update to that as soon as I can. Congratulations on the new release.



  • I'm pretty sure this is fixed with 2.4.4_1. The error messages have gone away and when I reset the options the system paused for quite some time. I'm assuming it was generating the keys. I didn't get any message about key generation, though.